• DirigibleProtein@aussie.zone · ↑ 8 · 1 year ago

    Of course it’s avoidable! Phone spoofing has been known to be a vulnerability for years, yet so many companies still insist on using SMS for 2FA “for security”. ffs, if you are concerned about security, use a proper TOTP or HOTP, or a hardware token.

    • Zagorath@aussie.zone · ↑ 5 · 1 year ago

      Hear, hear! SMS 2FA is absolutely better than not having any 2FA, but it’s still pretty fucking bad. TOTP, or even better FIDO2, should be used as the default standard.